5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.948 High
EPSS
Percentile
99.2%
OpenSSL project reports:
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Certificate fingerprints can be modified (CVE-2014-8275)
Bignum squaring may produce incorrect results (CVE-2014-3570)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | openssl | = 1.0.1 | UNKNOWN |
FreeBSD | any | noarch | openssl | < 1.0.1_17 | UNKNOWN |
FreeBSD | any | noarch | mingw32-openssl | = 1.0.1 | UNKNOWN |
FreeBSD | any | noarch | mingw32-openssl | < 1.0.1k | UNKNOWN |
FreeBSD | any | noarch | linux-c6-openssl | < 1.0.1e_3 | UNKNOWN |
FreeBSD | any | noarch | freebsd | = 10.1 | UNKNOWN |
FreeBSD | any | noarch | freebsd | < 10.1_4 | UNKNOWN |